// Test for Marshalling and Unmarshalling Comit Messages
// Important: when making empty HashIds len should be set to HASH_SIZE
func TestMUCommit(t *testing.T) {
var err error
suite := edwards.NewAES128SHA256Ed25519(true)
//suite := nist.NewAES128SHA256P256()
rand := suite.Cipher([]byte("exampfsdjkhujgkjsgfjgle"))
rand2 := suite.Cipher([]byte("examplsfhsjedgjhsge2"))
cm := &sign.CommitmentMessage{}
cm.V, _ = suite.Point().Pick(nil, rand)
cm.V_hat, _ = suite.Point().Pick(nil, rand2)
cm.MTRoot = make([]byte, hashid.Size)
sm := sign.SigningMessage{Type: sign.Commitment, Com: cm}
smBytes, err := sm.MarshalBinary()
if err != nil {
t.Error(err)
}
messg := &sign.SigningMessage{}
err = messg.UnmarshalBinary(smBytes)
cm2 := messg.Com
// test for equality after marshal and unmarshal
if !cm2.V.Equal(cm.V) ||
!cm2.V_hat.Equal(cm.V_hat) ||
bytes.Compare(cm2.MTRoot, cm.MTRoot) != 0 {
t.Error("commit message MU failed")
}
}
// Test for Marshalling and Unmarshalling Challenge Messages
// Important: when making empty HashIds len should be set to HASH_SIZE
func TestMUChallenge(t *testing.T) {
nHashIds := 3
var err error
suite := edwards.NewAES128SHA256Ed25519(true)
//suite := nist.NewAES128SHA256P256()
rand := suite.Cipher([]byte("example"))
cm := &sign.ChallengeMessage{}
cm.C = suite.Secret().Pick(rand)
cm.MTRoot = make([]byte, hashid.Size)
cm.Proof = proof.Proof(make([]hashid.HashId, nHashIds))
for i := 0; i < nHashIds; i++ {
cm.Proof[i] = make([]byte, hashid.Size)
}
sm := &sign.SigningMessage{Type: sign.Challenge, Chm: cm}
smBytes, err := sm.MarshalBinary()
if err != nil {
t.Error(err)
}
messg := &sign.SigningMessage{}
err = messg.UnmarshalBinary(smBytes)
cm2 := messg.Chm
// test for equality after marshal and unmarshal
if !cm2.C.Equal(cm.C) ||
bytes.Compare(cm2.MTRoot, cm.MTRoot) != 0 ||
!byteArrayEqual(cm2.Proof, cm.Proof) {
t.Error("challenge message MU failed")
}
}
func benchGenSigEd25519(nkeys int) []byte {
suite := edwards.NewAES128SHA256Ed25519(false)
rand := suite.Cipher([]byte("example"))
return Sign(suite, rand, benchMessage,
Set(benchPubEd25519[:nkeys]), nil,
0, benchPriEd25519)
}
func TestSmallConfigHealthyNistQR512(t *testing.T) {
//suite := nist.NewAES128SHA256QR512()
suite := edwards.NewAES128SHA256Ed25519(true)
RoundsPerView := 100
if err := runTreeSmallConfig(sign.MerkleTree, RoundsPerView, suite, 0); err != nil {
t.Fatal(err)
}
}
func TestNewKeyPair(t *testing.T) {
suite := edwards.NewAES128SHA256Ed25519(false)
keypair := config.NewKeyPair(suite)
pub := suite.Point().Mul(nil, keypair.Secret)
if !pub.Equal(keypair.Public) {
t.Fatal("Public and private-key don't match")
}
}
// All Returns a map of all suites
func All() Suites {
s := make(Suites)
s.add(nist.NewAES128SHA256P256())
s.add(nist.NewAES128SHA256QR512())
s.add(ed25519.NewAES128SHA256Ed25519(false))
s.add(edwards.NewAES128SHA256Ed25519(false))
return s
}
func TestSmallConfigFaulty(t *testing.T) {
faultyNodes := make([]int, 0)
faultyNodes = append(faultyNodes, 2, 5)
suite := edwards.NewAES128SHA256Ed25519(true)
//suite := nist.NewAES128SHA256P256()
RoundsPerView := 100
if err := runTreeSmallConfig(sign.MerkleTree, RoundsPerView, suite, 1, faultyNodes...); err != nil {
t.Fatal(err)
}
}
func TestTcpNetwork(t *testing.T) {
clientHost := NewTcpHost("127.0.0.1")
serverHost := NewTcpHost("127.0.0.1")
suite := edwards.NewAES128SHA256Ed25519(false)
Suite = suite
clientPub := suite.Point().Base()
serverPub := suite.Point().Add(suite.Point().Base(), suite.Point().Base())
client := new(SimpleClient).Init(clientHost, clientPub)
server := new(SimpleServer).Init(serverHost, serverPub, t)
go server.Listen("127.0.0.1:5000", server.ExchangeWithClient)
time.Sleep(1 * time.Second)
client.ExchangeWithServer("127.0.0.1:5000", t)
}
func TestNego(t *testing.T) {
realSuites := []abstract.Suite{
edwards.NewAES128SHA256Ed25519(true),
}
fakery := 10
nentries := 10
datalen := 16
suites := make([]abstract.Suite, 0)
for i := range realSuites {
real := realSuites[i]
for j := 0; j < fakery; j++ {
suites = append(suites, &fakeSuite{real, j})
}
}
nlevels := 5
suiteLevel := make(map[abstract.Suite]int)
entries := make([]Entry, 0)
for i := range suites {
suiteLevel[suites[i]] = nlevels
nlevels++ // vary it a bit for testing
// Create some entrypoints with this suite
s := suites[i]
for j := 0; j < nentries; j++ {
pri := s.Scalar().Pick(random.Stream)
pub := s.Point().Mul(nil, pri)
data := make([]byte, datalen)
entries = append(entries, Entry{s, pub, data})
}
}
w := Writer{}
_, err := w.Layout(suiteLevel, entries, nil)
if err != nil {
t.Log(err)
t.FailNow()
}
}
func TestProofCollective(t *testing.T) {
suite := edwards.NewAES128SHA256Ed25519(false)
// 1st set of base points
g1, _ := suite.Point().Pick([]byte("G1"), random.Stream)
h1, _ := suite.Point().Pick([]byte("H1"), random.Stream)
// 1st secret value
x := suite.Scalar().Pick(random.Stream)
// 2nd set of base points
g2, _ := suite.Point().Pick([]byte("G2"), random.Stream)
h2, _ := suite.Point().Pick([]byte("H2"), random.Stream)
// 2nd secret value
y := suite.Scalar().Pick(random.Stream)
// Create proof
g := []abstract.Point{g1, g2}
h := []abstract.Point{h1, h2}
p, err := randhound.NewProof(suite, g, h, nil)
log.ErrFatal(err)
xG, xH, err := p.SetupCollective(x, y)
log.ErrFatal(err)
// Verify proof
q, err := randhound.NewProof(suite, g, h, p.Core)
log.ErrFatal(err)
_, bad, err := q.Verify(xG, xH)
log.ErrFatal(err)
if len(bad) != 0 {
log.Fatalf("Some proofs failed: %v", bad)
}
}
func NewServer(port1 int, id int, servers []string, FSMode bool) *Server {
suite := edwards.NewAES128SHA256Ed25519(false)
rand := suite.Cipher(abstract.RandomKey)
sk := suite.Scalar().Pick(rand)
pk := suite.Point().Mul(nil, sk)
pkBin := MarshalPoint(pk)
ephSecret := suite.Scalar().Pick(rand)
rounds := make([]*Round, MaxRounds)
for i := range rounds {
r := Round{
allBlocks: nil,
reqChan2: nil,
requestsChan: nil,
reqHashes: nil,
reqHashesRdy: nil,
ublockChan2: nil,
shuffleChan: make(chan []Block), //collect all uploads together
upHashesRdy: nil,
upHashes: nil,
dblocksChan: make(chan []Block),
blocksRdy: nil,
xorsChan: make([]map[int](chan Block), len(servers)),
}
rounds[i] = &r
}
s := Server{
port1: port1,
id: id,
servers: servers,
regLock: []*sync.Mutex{new(sync.Mutex), new(sync.Mutex)},
regChan: make(chan bool, TotalClients),
regDone: make(chan bool),
running: make(chan bool),
secretLock: new(sync.Mutex),
suite: suite,
g: suite,
sk: sk,
pk: pk,
pkBin: pkBin,
pks: make([]abstract.Point, len(servers)),
nextPks: make([]abstract.Point, len(servers)),
nextPksBin: make([][]byte, len(servers)),
ephSecret: ephSecret,
pi: nil,
keys: nil,
keysRdy: nil,
auxProofChan: make([]chan AuxKeyProof, len(servers)),
keyUploadChan: nil,
keyShuffleChan: make(chan InternalKey),
clientMap: make(map[int]int),
numClients: 0,
totalClients: 0,
maskss: nil,
secretss: nil,
rounds: rounds,
FSMode: FSMode,
memProf: nil,
}
for i := range s.auxProofChan {
s.auxProofChan[i] = make(chan AuxKeyProof, len(servers))
}
return &s
}
func NewClient(servers []string, myServer string, FSMode bool) *Client {
suite := edwards.NewAES128SHA256Ed25519(false)
myServerIdx := -1
rpcServers := make([]*rpc.Client, len(servers))
for i := range rpcServers {
if servers[i] == myServer {
myServerIdx = i
}
rpcServer, err := rpc.Dial("tcp", servers[i])
if err != nil {
log.Fatal("Cannot establish connection:", err)
}
rpcServers[i] = rpcServer
}
pks := make([]abstract.Point, len(servers))
var wg sync.WaitGroup
for i, rpcServer := range rpcServers {
wg.Add(1)
go func(i int, rpcServer *rpc.Client) {
defer wg.Done()
pk := make([]byte, SecretSize)
err := rpcServer.Call("Server.GetPK", 0, &pk)
if err != nil {
log.Fatal("Couldn't get server's pk:", err)
}
pks[i] = UnmarshalPoint(suite, pk)
}(i, rpcServer)
}
wg.Wait()
rounds := make([]*Round, MaxRounds)
for i := range rounds {
r := Round{
reqLock: new(sync.Mutex),
upLock: new(sync.Mutex),
downLock: new(sync.Mutex),
reqHashesChan: make(chan [][]byte),
dhashChan: make(chan []byte),
upHashesChan: make(chan [][]byte),
}
rounds[i] = &r
}
//id comes from servers
c := Client{
id: -1,
servers: servers,
rpcServers: rpcServers,
myServer: myServerIdx,
totalClients: -1,
FSMode: FSMode,
files: make(map[string]*File),
osFiles: make(map[string]*os.File),
testPieces: make(map[string][]byte),
suite: suite,
g: suite,
pks: pks,
keys: make([][]byte, len(servers)),
ephKeys: make([]abstract.Point, len(servers)),
dhashes: make(chan []byte, MaxRounds),
maskss: nil,
secretss: nil,
rounds: rounds,
}
return &c
}
"time"
"testing"
"afs/client"
"afs/lib"
"afs/server"
"github.com/dedis/crypto/edwards"
)
var servers []*server.Server = nil
var clients []*client.Client = nil
var ServerAddrs []string = []string{"127.0.0.1:8000", "127.0.0.1:8001"}
var Suite = edwards.NewAES128SHA256Ed25519(false)
const NumClients = 3
const NumServers = 2
func TestSetup(t *testing.T) {
//nothing goes on here
}
func TestFileShare(t *testing.T) {
for s := range servers {
servers[s].FSMode = true
}
for c := range clients {
clients[c].FSMode = true
}
// Set up some global variables such as the different messages used during
// this protocol and the general suite to be used
func init() {
suite = edwards.NewAES128SHA256Ed25519(false)
net.Suite = suite
}
func BenchmarkSign100Ed25519(b *testing.B) {
benchSign(edwards.NewAES128SHA256Ed25519(false),
benchPubEd25519[:100], benchPriEd25519, b.N)
}
func RunServer(conf *app.ConfigShamir) {
flags := app.RunFlags
s := edwards.NewAES128SHA256Ed25519(false)
n := len(conf.Hosts)
info := poly.Threshold{
N: n,
R: n,
T: n,
}
indexPeer := -1
for i, h := range conf.Hosts {
if h == flags.Hostname {
indexPeer = i
break
}
}
if indexPeer == -1 {
log.Fatal("Peer", flags.Hostname, "(", flags.PhysAddr, ") did not find any match for its name.Abort")
}
dbg.Lvl3("Creating new peer", flags.Hostname, "(", flags.PhysAddr, ") ...")
// indexPeer == 0 <==> peer is root
p := NewPeer(indexPeer, flags.Hostname, s, info, indexPeer == 0)
// make it listen
setup := monitor.NewMeasure("setup")
dbg.Lvl3("Peer", flags.Hostname, "is now listening for incoming connections")
go p.Listen()
// then connect it to its successor in the list
for _, h := range conf.Hosts[indexPeer+1:] {
dbg.Lvl3("Peer", flags.Hostname, "will connect to", h)
// will connect and SYN with the remote peer
p.ConnectTo(h)
}
// Wait until this peer is connected / SYN'd with each other peer
p.WaitSYNs()
// Setup the schnorr system amongst peers
p.SetupDistributedSchnorr()
p.SendACKs()
p.WaitACKs()
dbg.Lvl3(p.String(), "completed Schnorr setup")
// send setup time if we're root
if p.IsRoot() {
setup.Measure()
}
roundm := monitor.NewMeasure("round")
for round := 1; round <= conf.Rounds; round++ {
calc := monitor.NewMeasure("calc")
// Then issue a signature !
//sys, usr := app.GetRTime()
msg := "hello world"
// Only root calculates if it's OK and sends a log-message
if p.IsRoot() {
dbg.Lvl1("Starting round", round)
sig := p.SchnorrSigRoot([]byte(msg))
calc.Measure()
verify := monitor.NewMeasure("verify")
err := p.VerifySchnorrSig(sig, []byte(msg))
if err != nil {
dbg.Fatal(p.String(), "could not verify schnorr signature:/", err)
}
verify.Measure()
roundm.Measure()
dbg.Lvl3(p.String(), "verified the schnorr sig !")
} else {
// Compute the partial sig and send it to the root
p.SchnorrSigPeer([]byte(msg))
}
}
p.WaitFins()
dbg.Lvl3(p.String(), "is leaving ...")
if p.IsRoot() {
monitor.End()
}
}
Type MessageType
Am *AnnouncementMessage
Com *CommitmentMessage
Chm *ChallengeMessage
Rm *ResponseMessage
Cureq *CatchUpRequest
Curesp *CatchUpResponse
Vrm *VoteRequestMessage
Gcm *GroupChangedMessage
Err *ErrorMessage
From string
View int
LastSeenVote int // highest vote ever seen and commited in log, used for catch-up
}
var msgSuite abstract.Suite = edwards.NewAES128SHA256Ed25519(true)
//var msgSuite abstract.Suite = nist.NewAES128SHA256P256()
func NewSigningMessage() interface{} {
return &SigningMessage{}
}
func (sm *SigningMessage) MarshalBinary() ([]byte, error) {
return protobuf.Encode(sm)
}
func (sm *SigningMessage) UnmarshalBinary(data []byte) error {
var cons = make(protobuf.Constructors)
var point abstract.Point
var secret abstract.Secret
func benchGenKeysEd25519(nkeys int) ([]abstract.Point, abstract.Secret) {
return benchGenKeys(edwards.NewAES128SHA256Ed25519(false), nkeys)
}
func TestBiffle(t *testing.T) {
BiffleTest(edwards.NewAES128SHA256Ed25519(false), 1)
}
func Benchmark100PairShuffleEd25519(b *testing.B) {
TestShuffle(edwards.NewAES128SHA256Ed25519(false), 100, b.N)
}
func BenchmarkBiffleEd25519(b *testing.B) {
BiffleTest(edwards.NewAES128SHA256Ed25519(false), b.N)
}
func TestPairShuffle(t *testing.T) {
TestShuffle(edwards.NewAES128SHA256Ed25519(false), 10, 1)
}
func LoadJSON(file []byte, optsSlice ...ConfigOptions) (*HostConfig, error) {
opts := ConfigOptions{}
if len(optsSlice) > 0 {
opts = optsSlice[0]
}
hc := NewHostConfig()
var cf ConfigFileOld
err := json.Unmarshal(file, &cf)
if err != nil {
return hc, err
}
// TODO remove this duplicate check of tcp conn
connT := GoC
if cf.Conn == "tcp" {
connT = TcpC
}
// options override file
if opts.ConnType == "tcp" {
connT = TcpC
}
dir := hc.Dir
hosts := make(map[string]coconet.Host)
nameToAddr := make(map[string]string)
if connT == GoC {
for _, h := range cf.Hosts {
if _, ok := hc.Hosts[h]; !ok {
nameToAddr[h] = h
// it doesn't make sense to only make 1 go host
if opts.Faulty == true {
gohost := coconet.NewGoHost(h, dir)
hosts[h] = coconet.NewFaultyHost(gohost)
} else {
hosts[h] = coconet.NewGoHost(h, dir)
}
}
}
} else if connT == TcpC {
localAddr := ""
if opts.GenHosts {
localAddr, err = GetAddress()
if err != nil {
return nil, err
}
}
for i, h := range cf.Hosts {
addr := h
if opts.GenHosts {
p := strconv.Itoa(StartConfigPort)
addr = localAddr + ":" + p
//dbg.Lvl4("created new host address: ", addr)
StartConfigPort += 10
} else if opts.Port != "" {
dbg.Lvl4("attempting to rewrite port: ", opts.Port)
// if the port has been specified change the port
hostport := strings.Split(addr, ":")
dbg.Lvl4(hostport)
if len(hostport) == 2 {
addr = hostport[0] + ":" + opts.Port
}
dbg.Lvl4(addr)
} else if len(opts.Hostnames) != 0 {
addr = opts.Hostnames[i]
}
nameToAddr[h] = addr
// add to the hosts list if we havent added it before
if _, ok := hc.Hosts[addr]; !ok {
// only create the tcp hosts requested
if opts.Host == "" || opts.Host == addr {
if opts.Faulty == true {
tcpHost := coconet.NewTCPHost(addr)
hosts[addr] = coconet.NewFaultyHost(tcpHost)
} else {
hosts[addr] = coconet.NewTCPHost(addr)
}
} else {
hosts[addr] = nil // it is there but not backed
}
}
}
}
suite := edwards.NewAES128SHA256Ed25519(true)
//suite := nist.NewAES128SHA256P256()
if opts.Suite != nil {
suite = opts.Suite
}
rand := suite.Cipher([]byte("example"))
//fmt.Println("hosts", hosts)
// default value = false
if err != nil {
log.Fatal(err)
}
start := time.Now()
if opts.NoTree == false {
_, err = ConstructTree(cf.Tree, hc, "", suite, rand, hosts, nameToAddr, opts)
}
dbg.Lvl3("Timing for ConstructTree", time.Since(start))
if connT != GoC {
hc.Dir = nil
}
// add a hostlist to each of the signing nodes
var hostList []string
for h := range hosts {
hostList = append(hostList, h)
}
for _, sn := range hc.SNodes {
sn.HostList = make([]string, len(hostList))
sortable := sort.StringSlice(hostList)
sortable.Sort()
copy(sn.HostList, sortable)
// set host list on view 0
//dbg.Lvl4("in config hostlist", sn.HostList)
sn.SetHostList(0, sn.HostList)
}
return hc, err
}
func runStaticTest(signType sign.Type, RoundsPerView int, faultyNodes ...int) error {
// Crypto setup
suite := edwards.NewAES128SHA256Ed25519(true)
//suite := nist.NewAES128SHA256P256()
rand := suite.Cipher([]byte("example"))
// number of nodes for the test
nNodes := 4
// create new directory for communication between peers
dir := coconet.NewGoDirectory()
// Create Hosts and Peers
h := make([]coconet.Host, nNodes)
for i := 0; i < nNodes; i++ {
hostName := "host" + strconv.Itoa(i)
if len(faultyNodes) > 0 {
h[i] = &coconet.FaultyHost{}
gohost := coconet.NewGoHost(hostName, dir)
h[i] = coconet.NewFaultyHost(gohost)
} else {
h[i] = coconet.NewGoHost(hostName, dir)
}
}
for _, fh := range faultyNodes {
h[fh].(*coconet.FaultyHost).SetDeadFor("response", true)
}
// Create Signing Nodes out of the hosts
nodes := make([]*sign.Node, nNodes)
for i := 0; i < nNodes; i++ {
nodes[i] = sign.NewNode(h[i], suite, rand)
nodes[i].Type = signType
nodes[i].GenSetPool()
nodes[i].RoundsPerView = RoundsPerView
defer nodes[i].Close()
h[i].SetPubKey(nodes[i].PubKey)
// To test the already keyed signing node, uncomment
// PrivKey := suite.Secret().Pick(rand)
// nodes[i] = NewKeyedNode(h[i], suite, PrivKey)
}
nodes[0].Height = 2
nodes[1].Height = 1
nodes[2].Height = 0
nodes[3].Height = 0
// Add edges to parents
h[1].AddParent(DefaultView, h[0].Name())
h[2].AddParent(DefaultView, h[1].Name())
h[3].AddParent(DefaultView, h[1].Name())
// Add edges to children, listen to children
h[0].AddChildren(DefaultView, h[1].Name())
h[1].AddChildren(DefaultView, h[2].Name(), h[3].Name())
for _, host := range h {
host.Listen()
host.Connect(0)
}
for i := 0; i < nNodes; i++ {
if len(faultyNodes) > 0 {
nodes[i].FailureRate = 1
}
go func(i int) {
// start listening for messages from within the tree
nodes[i].Listen()
}(i)
}
// Have root node initiate the signing protocol
// via a simple annoucement
nodes[0].LogTest = []byte("Hello World")
// return nodes[0].Announce(DefaultView, &coll_sign.AnnouncementMessage{LogTest: nodes[0].LogTest, Round: 1})
return nodes[0].StartAnnouncement(&sign.AnnouncementMessage{LogTest: nodes[0].LogTest, Round: 1})
}
package network
import (
"bytes"
"github.com/dedis/cothority/lib/cliutils"
"github.com/dedis/crypto/abstract"
"github.com/dedis/crypto/config"
"github.com/dedis/crypto/edwards"
"reflect"
"testing"
)
var s abstract.Suite = edwards.NewAES128SHA256Ed25519(false)
var key1 config.KeyPair = cliutils.KeyPair(s)
var key2 config.KeyPair = cliutils.KeyPair(s)
func TestListBasicSignatureMarshaling(t *testing.T) {
Suite = s
bs := BasicSignature{
Pub: key1.Public,
Chall: key1.Secret,
Resp: key1.Secret,
}
var length int = 10
sigs := make([]BasicSignature, length)
for i := 0; i < length; i++ {
sigs[i] = bs
}
lbs := ListBasicSignature{
Length: length,
Sigs: sigs,
func BenchmarkVerify100Ed25519(b *testing.B) {
benchVerify(edwards.NewAES128SHA256Ed25519(false),
benchPubEd25519[:100], benchSig100Ed25519, b.N)
}
func TestPVSS(t *testing.T) {
suite := edwards.NewAES128SHA256Ed25519(false)
G := suite.Point().Base()
H, _ := suite.Point().Pick(nil, suite.Cipher([]byte("H")))
n := 10
threshold := 2*n/3 + 1
x := make([]abstract.Scalar, n) // trustee private keys
X := make([]abstract.Point, n) // trustee public keys
index := make([]int, n)
for i := 0; i < n; i++ {
x[i] = suite.Scalar().Pick(random.Stream)
X[i] = suite.Point().Mul(nil, x[i])
index[i] = i
}
// Scalar of shared secret
secret := suite.Scalar().Pick(random.Stream)
// (1) Share-Distribution (Dealer)
pvss := randhound.NewPVSS(suite, H, threshold)
idx, sX, encProof, pb, err := pvss.Split(X, secret)
log.ErrFatal(err)
// (2) Share-Decryption (Trustee)
pbx := make([][]byte, n)
for i := 0; i < n; i++ {
pbx[i] = pb // NOTE: polynomials can be different
}
sH, err := pvss.Commits(pbx, index)
log.ErrFatal(err)
// Check that log_H(sH) == log_X(sX) using encProof
_, bad, err := pvss.Verify(H, X, sH, sX, encProof)
log.ErrFatal(err)
if len(bad) != 0 {
log.Fatalf("Some proofs failed: %v", bad)
}
// Decrypt shares
S := make([]abstract.Point, n)
decProof := make([]randhound.ProofCore, n)
for i := 0; i < n; i++ {
s, d, err := pvss.Reveal(x[i], sX[i:i+1])
log.ErrFatal(err)
S[i] = s[0]
decProof[i] = d[0]
}
// Check that log_G(S) == log_X(sX) using decProof
_, bad, err = pvss.Verify(G, S, X, sX, decProof)
log.ErrFatal(err)
if len(bad) != 0 {
log.Fatalf("Some proofs failed: %v", bad)
}
// (3) Secret-Recovery (Dealer)
recovered, err := pvss.Recover(idx, S, len(S))
log.ErrFatal(err)
// Verify recovered secret
if !(suite.Point().Mul(nil, secret).Equal(recovered)) {
log.Fatalf("Recovered incorrect shared secret")
}
}